There Is No Preview Available For This Item
This item does not appear to have any files that can be experienced on Archive.org.
Please download files in this item to interact with them on your computer.
Show all files
The field of computer forensics seeks to help investigators reconstruct what happened during a computer intrusion. Did an attacker break in, and if so, how? What havoc did the attacker wreak after breaking in? Tools that help investigators answer these types of questions are still quite primitive and are often hindered by incomplete or incorrect information. Virtual machines can enable more-powerful forensic analysis through techniques such as replaying a computer's instruction stream and introspecting on the state of a virtual machine. This talk describes how to provide and use virtual machine replay and introspection to enable arbitrary forensic analysis, enable reverse debugging of intrusions and bugs, and detect intrusions in the past and present through vulnerability-specific predicates.